INNOVATION

Verisign Labs

We are committed to making the Internet a safe and reliable place for people to do business and interact.

Innovating to Create a Stronger Internet

We are constantly creating and testing new tools to improve the Internet. Select and use a host of top DNS tools developed by one of the most trusted names in Internet Security for free.

DNSSEC DEBUGGER

DNSSEC DEBUGGER

The DNSSEC Debugger is a Web-based tool for ensuring that the "chain of trust" is intact for a particular DNSSEC enabled domain name. The tool shows a step-by-step validation of a given domain name and highlights any problems found. The tool begins with a query to a root nameserver. It then follows the referrals to the authoritative nameserver, validating DNSSEC keys and signatures as it goes. Each step in the process is given a good (green), warning (yellow), or error (red) status code. You can move your mouse over the warning and error icons to view a longer explanation. Press the plus (+) and minus (-) keys to increase or decrease debugging. At the highest debugging level you can see the full, raw DNS messages for almost all of the queries.

View tool
DANE TEST PAGES

DANE TEST PAGES

Our DANE test site contains links to demonstrate and test The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol (TLSA). DANE provides a way to authenticate TLS (X.509) certificates using DNSSEC.

View tool
TLD-MON

TLD-MON

TLD-Mon is a monitoring system that continuously performs several specific checks of each top-level domain, focusing especially on DNSSEC compliance. The tool checks for EDNS0 and PMTU problems, secondary nameserver synchronization, signature validity periods and more.

View tool
DNSSEC? OR NOT?

DNSSEC? OR NOT?

This simple Web page informs you whether or not your DNS resolver is configured for DNSSEC validation. You may also use this service via DNS by sending a command-line query as follows: "$ dig test.dnssec-or-not.net TXT"

View tool
DNSSEC SCOREBOARD

DNSSEC SCOREBOARD

The DNSSEC Scoreboard shows the number of domains secured in the com, net and edu zones.

View tool
YET ANOTHER ZONE VALIDATION SCRIPT

YET ANOTHER ZONE VALIDATION SCRIPT

YAZVS is a Perl script designed to perform DNSSEC validations on candidate signed zones before they are published. It verifies signatures and reports on differences between the current and candidate zones. Due to its implementation, this script is not suitable for very large zones.

View tool
TRANSITIVE TRUST CHECKER

TRANSITIVE TRUST CHECKER

The Transitive Trust Checker produces trust-relationship graphs for one or more given DNS zones. The graphs show how the zones are related based on names, addresses and AS numbers.

View tool
KEY TOOL

KEY TOOL

Keytool is a simple Web form designed to assist with manipulation of DNSKEY data. It can re-format DNS key records, generate DS records and generate lines suitable for pasting into a named.conf file.

View tool